Cisco Catalyst PON Series Switches Optical Network Terminal Vulnerabilities

Vulnerability

The web-based management interface of Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) contains multiple vulnerabilities [1]. An unauthenticated, remote attacker can log in with a default credential if the Telnet protocol is enabled, perform command injection, and modify the configuration. The affected firmware versions are those prior to the fixed release provided in the Cisco advisory.

Exploitation

An attacker with network access to the web-based management interface can exploit these vulnerabilities without authentication. If Telnet is enabled, the attacker can use default credentials to gain access. For command injection, the attacker sends crafted requests to inject arbitrary commands. The advisory does not provide further specific steps, but it is likely that the vulnerabilities can be triggered via HTTP or HTTPS requests to the management interface.

Impact

Successful exploitation allows the attacker to gain full control of the ONT device, including executing arbitrary commands, modifying configuration settings, and potentially disrupting network services. The attacker could leverage this access to pivot to other devices on the network, leading to broader compromise.

Mitigation

Cisco has released free software updates to address these vulnerabilities [1]. Customers should upgrade to the fixed firmware version as indicated in the advisory. If Telnet is not required, disabling it can mitigate the default credential login. Additionally, restricting access to the management interface via access control lists (ACLs) is recommended. No known exploitation in the wild (KEV) has been reported as of the advisory date.